bisecting cause commit starting from bcf876870b95592b52519ed4aafcf9d95999bc9c
building syzkaller on 196277c4035b5442b7a259953677543566c9b9a9
testing commit bcf876870b95592b52519ed4aafcf9d95999bc9c with gcc (GCC) 8.1.0
kernel signature: e1567b8a6b75d87261b9bc02d6e15fe7134121904f33183ae778f90b1513e649
run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in hci_event_packet
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in hci_event_packet
run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in hci_event_packet
run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in hci_event_packet
run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in hci_event_packet
run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in hci_event_packet
run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in hci_event_packet
run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in hci_event_packet
run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in hci_event_packet
run #9: boot failed: can't ssh into the instance
testing release v5.7
testing commit 3d77e6a8804abcc0504c904bd6e5cdf3a5cf8162 with gcc (GCC) 8.1.0
kernel signature: 94af6731facf68baacf15b75dd744ce1e58bb532d78f0a739b9ef1a6a9199544
all runs: crashed: general protection fault in hci_event_packet
testing release v5.6
testing commit 7111951b8d4973bda27ff663f2cf18b663d15b48 with gcc (GCC) 8.1.0
kernel signature: 7dffd3c047c34e819485554a5091d65cc7241c20710450f22540cf42535bd12c
run #0: crashed: general protection fault in hci_event_packet
run #1: crashed: general protection fault in hci_event_packet
run #2: crashed: general protection fault in hci_event_packet
run #3: crashed: general protection fault in hci_event_packet
run #4: crashed: general protection fault in hci_event_packet
run #5: crashed: general protection fault in hci_event_packet
run #6: crashed: general protection fault in hci_event_packet
run #7: crashed: general protection fault in hci_event_packet
run #8: crashed: general protection fault in hci_event_packet
run #9: boot failed: can't ssh into the instance
testing release v5.5
testing commit d5226fa6dbae0569ee43ecfc08bdcd6770fc4755 with gcc (GCC) 8.1.0
kernel signature: ef03c4dceda25e1fbe90e551aa276b1d0816150870c5c605993e9281801b0844
all runs: crashed: general protection fault in hci_event_packet
testing release v5.4
testing commit 219d54332a09e8d8741c1e1982f5eae56099de85 with gcc (GCC) 8.1.0
kernel signature: fb9580b475947032c8af428a84d968ecb7d822394a686f04eb7c1d20dcdf930f
all runs: crashed: general protection fault in hci_event_packet
testing release v5.3
testing commit 4d856f72c10ecb060868ed10ff1b1453943fc6c8 with gcc (GCC) 8.1.0
kernel signature: ab7e518c218a60badbbfac64dc26288bdec20a62e804111c728af95b0037952f
all runs: crashed: general protection fault in hci_event_packet
testing release v5.2
testing commit 0ecfebd2b52404ae0c54a878c872bb93363ada36 with gcc (GCC) 8.1.0
kernel signature: 3a858b8bd69587cecb308acc9de47f4815a44b9953adf9c1d414ca412b837b1b
all runs: crashed: general protection fault in hci_phy_link_complete_evt
testing release v5.1
testing commit e93c9c99a629c61837d5a7fc2120cd2b6c70dbdd with gcc (GCC) 8.1.0
kernel signature: e7f9e49eeabccafdd3d4f7fbf8f155f2134a14f2604a17c05b83ecb70567b9ce
all runs: crashed: general protection fault in hci_phy_link_complete_evt
testing release v5.0
testing commit 1c163f4c7b3f621efff9b28a47abb36f7378d783 with gcc (GCC) 8.1.0
kernel signature: f1e81caa9b4d7ebc0ec0bf798adb463b0045e238148755f38f15c25259a0185c
all runs: crashed: general protection fault in hci_phy_link_complete_evt
testing release v4.20
testing commit 8fe28cb58bcb235034b64cbbb7550a8a43fd88be with gcc (GCC) 8.1.0
kernel signature: 2360fd1163c8ba9056f100cc10a6cacf764d5e02fa89c75949edf0211c58e06f
all runs: crashed: general protection fault in hci_phy_link_complete_evt
testing release v4.19
testing commit 84df9525b0c27f3ebc2ebb1864fa62a97fdedb7d with gcc (GCC) 8.1.0
kernel signature: 1e39b387969930e94320964467b419e39d4f30c5f87178a08ffb7f9c78705816
all runs: crashed: general protection fault in hci_phy_link_complete_evt
testing release v4.18
testing commit 94710cac0ef4ee177a63b5227664b38c95bbf703 with gcc (GCC) 8.1.0
kernel signature: 2de034accf595d42d70e9aab12b65d45d8020767c2b14dd930364e6e47285f16
all runs: crashed: general protection fault in hci_phy_link_complete_evt
testing release v4.17
testing commit 29dcea88779c856c7dc92040a0c01233263101d4 with gcc (GCC) 8.1.0
kernel signature: 92e5e48347cee846742118b607b6edf0df8912902db00417eae040fa5bc6fe14
all runs: crashed: general protection fault in hci_phy_link_complete_evt
testing release v4.16
testing commit 0adb32858b0bddf4ada5f364a84ed60b196dbcda with gcc (GCC) 8.1.0
kernel signature: 436034edd626b5eab9ecadf29e072215f9feb4f1feb01e38ab8990093f712581
all runs: crashed: general protection fault in hci_event_packet
testing release v4.15
testing commit d8a5b80568a9cb66810e75b182018e9edb68e8ff with gcc (GCC) 8.1.0
kernel signature: 91d32fa747cb99c1805883c1dfa827b5276f75ecae5e2a6719e4aa739c2d26c3
all runs: crashed: general protection fault in hci_event_packet
testing release v4.14
testing commit bebc6082da0a9f5d47a1ea2edc099bf671058bd4 with gcc (GCC) 8.1.0
kernel signature: bbecdcd5eb757c5cb2e875a29d6540dbf4c2147d2e13c6451bfa54633756702f
all runs: crashed: general protection fault in hci_event_packet
testing release v4.13
testing commit 569dbb88e80deb68974ef6fdd6a13edb9d686261 with gcc (GCC) 8.1.0
kernel signature: ab05e7f629f5c51aa935bb152451665cb31ede680a9a80d3a074ffc9f9615e14
all runs: crashed: general protection fault in hci_event_packet
testing release v4.12
testing commit 6f7da290413ba713f0cdd9ff1a2a9bb129ef4f6c with gcc (GCC) 8.1.0
kernel signature: 08260b82918875e8701403d9abc8be17e7aae77460b53420d1671211759c3c4c
all runs: crashed: BUG: sleeping function called from invalid context in tap_get_minor
testing release v4.11
testing commit a351e9b9fc24e982ec2f0e76379a49826036da12 with gcc (GCC) 7.3.0
kernel signature: 2288853b79c5538eb41db0db018bc9f0495ff7649414d159f421012868c8c7a1
all runs: crashed: BUG: sleeping function called from invalid context in tap_get_minor
testing release v4.10
testing commit c470abd4fde40ea6a0846a2beab642a578c0b8cd with gcc (GCC) 5.5.0
kernel signature: e9ffcb79d50dd8c39df42c95aeafac836779292535cc8a0822b7e5ff1a9feba3
all runs: crashed: general protection fault in hci_event_packet
testing release v4.9
testing commit 69973b830859bc6529a7a0468ba0d80ee5117826 with gcc (GCC) 5.5.0
kernel signature: 073346c282ea52e1aa109b1100b40e16cc63e9e65832a173ed2d198793783547
run #0: crashed: WARNING in nf_unregister_net_hook
run #1: crashed: WARNING in nf_unregister_net_hook
run #2: crashed: WARNING in nf_unregister_net_hook
run #3: crashed: WARNING in nf_unregister_net_hook
run #4: crashed: WARNING in nf_unregister_net_hook
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
testing release v4.8
testing commit c8d2bc9bc39ebea8437fd974fdbc21847bb897a3 with gcc (GCC) 5.5.0
kernel signature: eda60496351037d928879dd4ffe08975ac190553818e15335a3c8a3c5518df3b
all runs: OK
# git bisect start 69973b830859bc6529a7a0468ba0d80ee5117826 c8d2bc9bc39ebea8437fd974fdbc21847bb897a3
Bisecting: 8695 revisions left to test after this (roughly 13 steps)
[a5af7e1fc69a46f29b977fd4b570e0ac414c2338] rxrpc: Fix loss of PING RESPONSE ACK production due to PING ACKs
testing commit a5af7e1fc69a46f29b977fd4b570e0ac414c2338 with gcc (GCC) 5.5.0
kernel signature: 437135e445236575898c5ede021850477dadae1b5dc24b6e62a68588c7229164
all runs: crashed: WARNING in nf_unregister_net_hook
# git bisect bad a5af7e1fc69a46f29b977fd4b570e0ac414c2338
Bisecting: 4346 revisions left to test after this (roughly 12 steps)
[d268dbe76a53d72cc41316eb59e7968db60e77ad] Merge tag 'pinctrl-v4.9-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl
testing commit d268dbe76a53d72cc41316eb59e7968db60e77ad with gcc (GCC) 5.5.0
kernel signature: 8021e0f257d22c3ec7d4d8b8e262347f7ea74cd60f7a6d2af6a9b136f2f53cd8
all runs: crashed: general protection fault in nf_unregister_net_hook
# git bisect bad d268dbe76a53d72cc41316eb59e7968db60e77ad
Bisecting: 2170 revisions left to test after this (roughly 11 steps)
[02bafd96f3a5d8e610b19033ffec55b92459aaae] Merge tag 'docs-4.9' of git://git.lwn.net/linux
testing commit 02bafd96f3a5d8e610b19033ffec55b92459aaae with gcc (GCC) 5.5.0
kernel signature: 9fd43a92724f54ef037e332bb69d3dfb2fbe202a3846607e82d853f2568487b7
all runs: OK
# git bisect good 02bafd96f3a5d8e610b19033ffec55b92459aaae
Bisecting: 1051 revisions left to test after this (roughly 10 steps)
[e812bd905a5cf00fea95da9df4889dad63d4a36a] Merge tag 'wireless-drivers-next-for-davem-2016-09-15' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers-next
testing commit e812bd905a5cf00fea95da9df4889dad63d4a36a with gcc (GCC) 5.5.0
kernel signature: 0ec7015c3228980b1e0e5d24ce8186abd46caa881947ab655a099b1176200be8
run #0: crashed: KASAN: use-after-free Read in batadv_iv_ogm_queue_add
run #1: crashed: KASAN: null-ptr-deref Read
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad e812bd905a5cf00fea95da9df4889dad63d4a36a
Bisecting: 559 revisions left to test after this (roughly 9 steps)
[ccbd3dbe85e1445231a7e0da2dada130cedce9d0] rxrpc: Fix a potential NULL-pointer deref in rxrpc_abort_calls
testing commit ccbd3dbe85e1445231a7e0da2dada130cedce9d0 with gcc (GCC) 5.5.0
kernel signature: c5afe7e40503e37373c46104e560a333abaf9e075d9dfe4458a700e4bdb3e5b9
all runs: OK
# git bisect good ccbd3dbe85e1445231a7e0da2dada130cedce9d0
Bisecting: 279 revisions left to test after this (roughly 8 steps)
[aebf5de07aabd44db740c9d33b6daa1abd19fa56] sctp: use IS_ENABLED() instead of checking for built-in or module
testing commit aebf5de07aabd44db740c9d33b6daa1abd19fa56 with gcc (GCC) 5.5.0
kernel signature: 22acab8341236b90fe80c92919097d53817e989b770339edf02e925040cc7c6d
all runs: OK
# git bisect good aebf5de07aabd44db740c9d33b6daa1abd19fa56
Bisecting: 139 revisions left to test after this (roughly 7 steps)
[ae1799a1cb130170c3ba3370793cea5b0d9d2aa8] mwifiex: correction in Rx STBC field of htcapinfo
testing commit ae1799a1cb130170c3ba3370793cea5b0d9d2aa8 with gcc (GCC) 5.5.0
kernel signature: ca86e0225613d908f10b37bd1ca7348be58452c919e3ed38b6a1866ef370a054
all runs: OK
# git bisect good ae1799a1cb130170c3ba3370793cea5b0d9d2aa8
Bisecting: 69 revisions left to test after this (roughly 6 steps)
[bc4abfcf51835420d61440b2b7aa18181bc1f273] rxrpc: Add missing wakeup on Tx window rotation
testing commit bc4abfcf51835420d61440b2b7aa18181bc1f273 with gcc (GCC) 5.5.0
kernel signature: 1761fde4c860e2355a705aaeb16542d121a02abe9338e232fc34149909145cd9
run #0: crashed: general protection fault in batadv_iv_ogm_queue_add
run #1: crashed: general protection fault in batadv_iv_ogm_queue_add
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad bc4abfcf51835420d61440b2b7aa18181bc1f273
Bisecting: 34 revisions left to test after this (roughly 5 steps)
[ca28b8f2b8f316b9973693c72770c98da3e9500e] net: l3mdev: Remove l3mdev_fib_oif
testing commit ca28b8f2b8f316b9973693c72770c98da3e9500e with gcc (GCC) 5.5.0
kernel signature: b9352b2b2b8af35b386a70af3869dcce2d913c541d02c3489b0a8b25aa8d3048
all runs: OK
# git bisect good ca28b8f2b8f316b9973693c72770c98da3e9500e
Bisecting: 17 revisions left to test after this (roughly 4 steps)
[547e530a5e10fbc8e78bf2573508e46ca1bf571f] sis900: use IS_ENABLED() instead of checking for built-in or module
testing commit 547e530a5e10fbc8e78bf2573508e46ca1bf571f with gcc (GCC) 5.5.0
kernel signature: c0b41339b84a87289aa65f42f5fdc65b2212c4634d5d29911dede8f44e6ac4fe
run #0: crashed: general protection fault in batadv_iv_ogm_queue_add
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad 547e530a5e10fbc8e78bf2573508e46ca1bf571f
Bisecting: 8 revisions left to test after this (roughly 3 steps)
[941992d2944789641470626e9336d663236b1d28] ethernet: amd: use IS_ENABLED() instead of checking for built-in or module
testing commit 941992d2944789641470626e9336d663236b1d28 with gcc (GCC) 5.5.0
kernel signature: 66430925e035f1781ff488706fc1488c0b15f8b6c6276e125e0045be9a1e996b
run #0: crashed: general protection fault in batadv_iv_ogm_queue_add
run #1: crashed: general protection fault in batadv_iv_ogm_queue_add
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad 941992d2944789641470626e9336d663236b1d28
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[02154927c115c7599677df57203988e05b576346] net: dsa: bcm_sf2: Get VLAN_PORT_MASK from b53_device
testing commit 02154927c115c7599677df57203988e05b576346 with gcc (GCC) 5.5.0
kernel signature: d11cbb18c098b04990446a22d67ee9fb21c4361477abccd87643cd3a03531a81
all runs: OK
# git bisect good 02154927c115c7599677df57203988e05b576346
Bisecting: 1 revision left to test after this (roughly 1 step)
[aa211d2074ec4266b89673a54719421464c943e3] 3c59x: use IS_ENABLED() instead of checking for built-in or module
testing commit aa211d2074ec4266b89673a54719421464c943e3 with gcc (GCC) 5.5.0
kernel signature: 06068b10f13d73800eb2e21aa78c92f2ff64e0569205244407b9fbfedd5421d1
all runs: OK
# git bisect good aa211d2074ec4266b89673a54719421464c943e3
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[5a5ab1611aa5c17a32b64a4c5069c26e1fd7c960] starfire: use IS_ENABLED() instead of checking for built-in or module
testing commit 5a5ab1611aa5c17a32b64a4c5069c26e1fd7c960 with gcc (GCC) 5.5.0
kernel signature: 2683b45bcb2343669884304b4199daa53100625a4ee8d6bc82245894129aca90
all runs: OK
# git bisect good 5a5ab1611aa5c17a32b64a4c5069c26e1fd7c960
941992d2944789641470626e9336d663236b1d28 is the first bad commit
commit 941992d2944789641470626e9336d663236b1d28
Author: Javier Martinez Canillas <javier@osg.samsung.com>
Date:   Mon Sep 12 10:03:34 2016 -0400

    ethernet: amd: use IS_ENABLED() instead of checking for built-in or module
    
    The IS_ENABLED() macro checks if a Kconfig symbol has been enabled either
    built-in or as a module, use that macro instead of open coding the same.
    
    Using the macro makes the code more readable by helping abstract away some
    of the Kconfig built-in and module enable details.
    
    Signed-off-by: Javier Martinez Canillas <javier@osg.samsung.com>
    Reviewed-by: Geert Uytterhoeven <geert@linux-m68k.org>
    Signed-off-by: David S. Miller <davem@davemloft.net>

 drivers/net/ethernet/amd/7990.c     | 6 +++---
 drivers/net/ethernet/amd/amd8111e.c | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)
culprit signature: 66430925e035f1781ff488706fc1488c0b15f8b6c6276e125e0045be9a1e996b
parent  signature: 2683b45bcb2343669884304b4199daa53100625a4ee8d6bc82245894129aca90
revisions tested: 36, total time: 6h58m58.018137144s (build: 2h59m17.175242684s, test: 3h55m27.050348026s)
first bad commit: 941992d2944789641470626e9336d663236b1d28 ethernet: amd: use IS_ENABLED() instead of checking for built-in or module
recipients (to): ["davem@davemloft.net" "geert@linux-m68k.org" "javier@osg.samsung.com"]
recipients (cc): []
crash: general protection fault in batadv_iv_ogm_queue_add
batman_adv: batadv0: Removing interface: batadv_slave_0
kasan: CONFIG_KASAN_INLINE enabled
batman_adv: batadv0: Interface deactivated: batadv_slave_1
batman_adv: batadv0: Removing interface: batadv_slave_1
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 0 PID: 2497 Comm: kworker/u4:4 Not tainted 4.8.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet
task: ffff880122c460c0 task.stack: ffff880122c28000
RIP: 0010:[<ffffffff85c6cd5f>]  [<ffffffff85c6cd5f>] batadv_iv_ogm_queue_add+0x2f/0xf50 net/batman-adv/bat_iv_ogm.c:780
RSP: 0018:ffff880122c2fa78  EFLAGS: 00010296
RAX: dffffc0000000000 RBX: ffff8801254140c0 RCX: ffff8801254140c0
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
RBP: ffff880122c2fb18 R08: ffff8801254140c0 R09: 0000000000000001
R10: ffff880122c46920 R11: ffff880122c460c0 R12: 000000000000003c
R13: 0000000000000000 R14: ffff8801254140c0 R15: ffff88011ed4dc00
FS:  0000000000000000(0000) GS:ffff88012c000000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055667a114e28 CR3: 000000010bd18000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Stack:
 0000000000000000 0000000000000000 0000000000000002 0000000000000000
 ffff880122c2fb18 0000000000000282 0000000000000000 ffffffff85c704bd
 ffff880100000000 00000000000003d4 00000000ffffe87d ffff88011ed4d180
Call Trace:
 [<ffffffff85c7064e>] batadv_iv_ogm_schedule+0x95e/0xcc0 net/batman-adv/bat_iv_ogm.c:984
 [<ffffffff85c70eba>] batadv_iv_send_outstanding_bat_ogm_packet+0x4fa/0x8b0 net/batman-adv/bat_iv_ogm.c:1810
 [<ffffffff81393d9d>] process_one_work+0x67d/0x14f0 kernel/workqueue.c:2096
 [<ffffffff81394cea>] worker_thread+0xda/0xf10 kernel/workqueue.c:2230
 [<ffffffff813a5699>] kthread+0x209/0x2d0 kernel/kthread.c:209
 [<ffffffff85dcc44f>] ret_from_fork+0x1f/0x40 arch/x86/entry/entry_64.S:393
Code: 00 00 00 fc ff df 55 48 89 e5 41 57 49 89 ff 48 8d 7e 03 41 56 41 55 49 89 f5 41 54 41 89 d4 48 89 fa 48 c1 ea 03 53 48 83 ec 78 <0f> b6 04 02 48 89 fa 48 89 4d a8 83 e2 07 4c 89 45 b8 44 89 4d 
RIP  [<ffffffff85c6cd5f>] batadv_iv_ogm_queue_add+0x2f/0xf50 net/batman-adv/bat_iv_ogm.c:769
 RSP <ffff880122c2fa78>
---[ end trace b8fb6110e8e9e3e9 ]---